fabric-ca-server無法以softhsm配置啟動

Question

我已經在fabric ca中啟用了PKCS11，但是當本機啟動fabric-ca-server時，然后拋出以下錯誤。 請注意，使用默認的SW選項可以正常工作。

1. 檢出fabric-ca v1.3.0
2. 更新BCCSP屬性，如下所示

bccsp：默認值：PKCS11 pkcs11：庫：/usr/local/lib/softhsm/libsofthsm2.so引腳：daily123標簽：org1label哈希：SHA2安全性：256 filekeystore：＃用於基於軟件文件的密鑰庫密鑰庫的目錄：msp /密鑰庫

3. 使用命令./fabric-ca-server start -b admin：adminpw -d運行服務器

錯誤2018/10/12 07:27:01 [INFO] Configuration file location: /opt/gopath/bin/fabric-ca-server-config.yaml 2018/10/12 07:27:01 [INFO] Starting server in home directory: /opt/gopath/bin 2018/10/12 07:27:01 [INFO] Server Version: 1.3.0 2018/10/12 07:27:01 [INFO] Server Levels: &{Identity:1 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1} 2018/10/12 07:27:01 [DEBUG] Making server filenames absolute 2018/10/12 07:27:01 [DEBUG] Initializing default CA in directory /opt/gopath/bin 2018/10/12 07:27:01 [DEBUG] Init CA with home /opt/gopath/bin and config {Version:1.3.0 Cfg:{Identities:{AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name: Keyfile: Certfile:ca-cert.pem Chainfile:ca-chain.pem} Signing:0xc4204ce7d0 CSR:{CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[safenet localhost] KeyRequest:0xc4204b1ac0 CA:0xc4204b1b40 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.Registrar.Roles:* hf.Registrar.DelegateRoles:* hf.Revoker:1 hf.IntermediateCA:1 hf.GenCRL:1 hf.Registrar.Attributes:* hf.AffiliationMgr:1] }]} Affiliations:map[org2:[department1] org1:[department1 department2]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }} } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }} } CSP:0xc4204de060 Client:<nil> Intermediate:{ParentServer:{ URL: CAName: } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509 }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}} 2018/10/12 07:27:01 [DEBUG] CA Home Directory: /opt/gopath/bin 2018/10/12 07:27:01 [DEBUG] Checking configuration file version '1.3.0' against server version: '1.3.0' 2018/10/12 07:27:01 [DEBUG] Initializing BCCSP: &{ProviderName:PKCS11 SwOpts:<nil> PluginOpts:<nil>} 2018/10/12 07:27:01 [DEBUG] Closing server DBs Error: Failed to initialize BCCSP Factories: %!s(<nil>) Could not find default 2018/10/12 07:27:01 [INFO] Configuration file location: /opt/gopath/bin/fabric-ca-server-config.yaml 2018/10/12 07:27:01 [INFO] Starting server in home directory: /opt/gopath/bin 2018/10/12 07:27:01 [INFO] Server Version: 1.3.0 2018/10/12 07:27:01 [INFO] Server Levels: &{Identity:1 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1} 2018/10/12 07:27:01 [DEBUG] Making server filenames absolute 2018/10/12 07:27:01 [DEBUG] Initializing default CA in directory /opt/gopath/bin 2018/10/12 07:27:01 [DEBUG] Init CA with home /opt/gopath/bin and config {Version:1.3.0 Cfg:{Identities:{AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name: Keyfile: Certfile:ca-cert.pem Chainfile:ca-chain.pem} Signing:0xc4204ce7d0 CSR:{CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[safenet localhost] KeyRequest:0xc4204b1ac0 CA:0xc4204b1b40 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.Registrar.Roles:* hf.Registrar.DelegateRoles:* hf.Revoker:1 hf.IntermediateCA:1 hf.GenCRL:1 hf.Registrar.Attributes:* hf.AffiliationMgr:1] }]} Affiliations:map[org2:[department1] org1:[department1 department2]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }} } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }} } CSP:0xc4204de060 Client:<nil> Intermediate:{ParentServer:{ URL: CAName: } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509 }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}} 2018/10/12 07:27:01 [DEBUG] CA Home Directory: /opt/gopath/bin 2018/10/12 07:27:01 [DEBUG] Checking configuration file version '1.3.0' against server version: '1.3.0' 2018/10/12 07:27:01 [DEBUG] Initializing BCCSP: &{ProviderName:PKCS11 SwOpts:<nil> PluginOpts:<nil>} 2018/10/12 07:27:01 [DEBUG] Closing server DBs Error: Failed to initialize BCCSP Factories: %!s(<nil>) Could not find default 2018/10/12 07:27:01 [INFO] Configuration file location: /opt/gopath/bin/fabric-ca-server-config.yaml 2018/10/12 07:27:01 [INFO] Starting server in home directory: /opt/gopath/bin 2018/10/12 07:27:01 [INFO] Server Version: 1.3.0 2018/10/12 07:27:01 [INFO] Server Levels: &{Identity:1 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1} 2018/10/12 07:27:01 [DEBUG] Making server filenames absolute 2018/10/12 07:27:01 [DEBUG] Initializing default CA in directory /opt/gopath/bin 2018/10/12 07:27:01 [DEBUG] Init CA with home /opt/gopath/bin and config {Version:1.3.0 Cfg:{Identities:{AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name: Keyfile: Certfile:ca-cert.pem Chainfile:ca-chain.pem} Signing:0xc4204ce7d0 CSR:{CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[safenet localhost] KeyRequest:0xc4204b1ac0 CA:0xc4204b1b40 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.Registrar.Roles:* hf.Registrar.DelegateRoles:* hf.Revoker:1 hf.IntermediateCA:1 hf.GenCRL:1 hf.Registrar.Attributes:* hf.AffiliationMgr:1] }]} Affiliations:map[org2:[department1] org1:[department1 department2]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }} } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }} } CSP:0xc4204de060 Client:<nil> Intermediate:{ParentServer:{ URL: CAName: } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509 }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}} 2018/10/12 07:27:01 [DEBUG] CA Home Directory: /opt/gopath/bin 2018/10/12 07:27:01 [DEBUG] Checking configuration file version '1.3.0' against server version: '1.3.0' 2018/10/12 07:27:01 [DEBUG] Initializing BCCSP: &{ProviderName:PKCS11 SwOpts:<nil> PluginOpts:<nil>} 2018/10/12 07:27:01 [DEBUG] Closing server DBs Error: Failed to initialize BCCSP Factories: %!s(<nil>) Could not find default PKCS11 BCCSP

Answer 1

它可以與最新的fabric-ca圖像（截至最新的1.4.0-snapshot-cb7353f）配合使用。

Answer 2

如果您使用fabric-ca 1.3代碼庫，請按照以下步驟操作

GO_TAGS=pkcs11 make fabric-ca-server

使用softHSM數據（例如令牌，標簽，引腳，庫）更新fabric-ca-server-config.yaml （請在此處https://hyperledger-fabric-ca.readthedocs.io/en/release-1.3/users-guide.html ＃configuring-fabric-ca-server-to-use-softhsm2 ）

使用fabric-ca-server start -b admin:adminpw重新啟動fabric-ca服務器

fabric-ca服務器將按預期方式重新啟動。